Skip to main content
This guide shows you how to integrate the Checkly Pulumi provider with various CI/CD platforms to automate your monitoring infrastructure deployments.

Overview

CI/CD integration enables you to automatically deploy monitoring changes when code is pushed, ensuring your monitoring infrastructure stays in sync with your application deployments.

Automated Deployments

Continuous Deployment
  • Deploy monitoring changes automatically
  • Reduce manual configuration errors
  • Ensure infrastructure consistency
  • Enable rapid iteration

Environment Management

Multi-Environment Support
  • Separate stacks for each environment
  • Environment-specific configurations
  • Controlled promotion between environments
  • Consistent monitoring across environments

Security & Compliance

Secure Deployments
  • Secure secret management
  • Role-based access control
  • Audit trails for changes
  • Compliance with security policies

Team Collaboration

Team Workflows
  • Code review for monitoring changes
  • Pull request-based deployments
  • Collaborative infrastructure management
  • Standardized deployment processes

GitHub Actions

Basic Workflow

.github/workflows/deploy.yml

Multi-Environment Workflow

.github/workflows/multi-env.yml

Advanced Workflow with Testing

.github/workflows/pipeline.yml

GitLab CI/CD

Basic Pipeline

.gitlab-ci.yml

Jenkins

Jenkinsfile

Jenkinsfile

Azure DevOps

azure-pipelines.yml

azure-pipelines.yml

CircleCI

.circleci/config.yml

.circleci/config.yml

Security Best Practices

Secret Management

Environment Variables

Secure Storage
  • Use CI/CD platform secret management
  • Never hardcode secrets in pipeline files
  • Rotate secrets regularly
  • Use least-privilege access

Access Control

Role-Based Access
  • Limit deployment permissions
  • Use separate accounts for different environments
  • Implement approval gates for production
  • Audit access regularly

Security Checklist

  • Store secrets in CI/CD platform’s secret management
  • Use environment-specific secrets
  • Rotate API keys regularly
  • Use least-privilege API keys
  • Never log or expose secrets
  • Implement approval gates for production
  • Use separate accounts for environments
  • Limit who can trigger deployments
  • Audit deployment permissions
  • Use branch protection rules
  • Validate code before deployment
  • Use trusted base images
  • Scan for vulnerabilities
  • Implement rollback procedures
  • Monitor deployment logs

Troubleshooting

Common Issues

Problem: Pulumi or Checkly authentication fails Solutions:
  • Verify API keys are correctly set in secrets
  • Check Pulumi access token permissions
  • Ensure environment variables are properly configured
  • Test authentication locally first
Problem: Pipeline lacks permissions to deploy Solutions:
  • Check CI/CD platform permissions
  • Verify Pulumi organization access
  • Ensure Checkly API key has required permissions
  • Review branch protection rules
Problem: Resources already exist or conflict Solutions:
  • Use pulumi refresh to sync state
  • Check for manual changes in Checkly UI
  • Review resource naming conflicts
  • Use pulumi import for existing resources
Always test your CI/CD pipeline in a development environment before deploying to production. Use feature branches and staging environments to validate changes.
Never commit secrets or sensitive information to your repository. Always use your CI/CD platform’s secret management features.